Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188